From: Robin Wood <robin@digi.ninja>
Date: Fri, 3 Feb 2023 18:44:11 +0000
Yes, the JavaScript is sent to the browser as part of the "web page package". This is a page on my site: https://digi.ninja/projects/authlab.php As part of it, it uses this bit of HTML: <script src="/javascript/authlab.js <https://digi.ninja/javascript/authlab.js>"></script> To load this JavaScript file: https://digi.ninja/javascript/authlab.js The JS file is public and accessible to anyone who browses to it. If it wasn't, then when the browser tried to download it, it would fail, and my page would not work as it should. Try it on almost any site. Browse to it and then do a "view source". Look through for mentions of included scripts, you can then browse to those and see their contents. Anything that has to be run in a browser has to be able to be downloadable from the server and therefore is fully visible to anyone who wants to see it. You should never put secret stuff in anything that has to go to the client. If you are specifically meaning there are comments in the JS file that shouldn't be seen, just tell the developer to remove them. They won't affect anything as comments are just that, comments. Robin On Fri, 3 Feb 2023, 18:22 thanatos thanatos, <thanatos_ps () yahoo com> wrote:
I am talking about running a scan from the outside on port 443. It shows my clients information Sent from Yahoo Mail on Android <https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature> On Thu, Feb 2, 2023 at 10:08 AM, Robin Wood <robin@digi.ninja> wrote: JavaScript is sent to the client as part of the way the web works and so can't be blocked or hidden. If you stop sending it then whatever bits of the site rely on it will stop working. Nothing should be considered secret in client side JavaScript. Robin On Thu, 2 Feb 2023, 15:48 thanatos thanatos via dev, <dev () nmap org> wrote: I have a question. When I run MAP It displays the javascript comments for the site being scanned. This is a concern for the client as this code has proprietary information. The client is asking if something can be done on their side to prevent this information from being displayed as a part of the NMAP scan? Thank U Thanatos _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/